This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Log Collection for windows servers

Issac08
Beginner
Beginner

‎2018-01-04 10:27 AM

Hi all,

 

 Apart from winrm what are the other log collection methods ,there is any native agent that collects logs from windows box?

Labels:
0 Likes
3 REPLIES 3

EricPartington
Employee
Employee

‎2018-01-04 11:31 AM

snare agent

event reporter agent

winRM either to RSA netwitness or 

WinRM to windows event collection server then 1 winRM connection to RSA log Collector

https://community.rsa.com/community/products/netwitness/blog/2017/01/30/logs-collecting-windows-events-with-wec?commentI… 

0 Likes

Issac08
Beginner
Beginner
In response to EricPartington

‎2018-01-04 11:46 AM

Thanks ,Which is best solution to go agent or winrm ?

And also share me where we can download  these agents .

0 Likes

EricPartington
Employee
Employee
In response to Issac08

‎2018-01-04 01:38 PM

depends on how your environment is configured and if you have control over the master build or logon scripts to push agents out or configure WinRM via GPO.

 

The agents are 3rd party and not RSA provided.  There is potentially another license to purchase those (snare used to be free in 4.x but now i think in 5.x you need to pay a fee per agent).

 

Configuration guides are here:

https://community.rsa.com/community/products/netwitness/parser-network/event-sources 

 

look for 'microsoft windows'

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.